
Syslog - Wikipedia, the free encyclopedia http://en.wikipedia.org/wiki/Syslog

Syslog
From Wikipedia, the free encyclopedia

Syslog is a standard for forwarding log messages in an Internet Protocol (IP) computer
network. It allows separation of the software that generates log messages from the system
that stores the messages.

Syslog is a client/server protocol:[1] a logging application transmits a text message of at
most 1024 bytes to the syslog receiver. The receiver is commonly called syslogd, syslog
daemon or syslog server. Syslog messages may be sent via the User Datagram Protocol
(UDP) or the Transmission Control Protocol (TCP).[2] The data is sent in cleartext;
although not part of the syslog protocol itself, an SSL wrapper may be used to add a
layer of encryption through SSL/TLS. Syslog uses port number 514.
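
As an added example (not part of the Wikipedia article), the following parser handles the
RFC 3164 message layout described above: it decodes the PRI field into facility and
severity, and flags datagrams longer than the 1024-byte limit. The sample message is the
example given in RFC 3164; the facility names are the conventional ones from the RFC table.

```python
import re
from dataclasses import dataclass
from typing import Optional

MAX_MSG_LEN = 1024  # maximum BSD syslog message size quoted above

# Facility and severity names follow the RFC 3164 tables (local0..local7 are 16..23).
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
              "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7"]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164 layout: <PRI>TIMESTAMP HOSTNAME MSG, timestamp "Mmm dd hh:mm:ss" (day space-padded).
_HEADER_RE = re.compile(
    r"^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (\S+) (.*)$", re.DOTALL)

@dataclass
class SyslogMessage:
    pri: int
    facility: str
    severity: str
    timestamp: str
    hostname: str
    msg: str
    truncated: bool  # True if the datagram exceeded MAX_MSG_LEN and was cut

def parse_bsd_syslog(raw: bytes) -> Optional[SyslogMessage]:
    """Parse one BSD syslog datagram; return None if the PRI or header is malformed."""
    truncated = len(raw) > MAX_MSG_LEN
    text = raw[:MAX_MSG_LEN].decode("ascii", errors="replace")  # cleartext, no framing
    m = _HEADER_RE.match(text)
    if m is None:
        return None
    pri = int(m.group(1))
    if pri > 191:  # PRI = facility * 8 + severity; 23 * 8 + 7 is the largest legal value
        return None
    return SyslogMessage(pri, FACILITIES[pri >> 3], SEVERITIES[pri & 7],
                         m.group(2), m.group(3), m.group(4), truncated)

if __name__ == "__main__":
    # The example message from RFC 3164: PRI 34 = auth (4) * 8 + crit (2)
    sample = b"<34>Oct 11 22:14:15 mymachine su: 'su root' failed for lonvick on /dev/pts/8"
    print(parse_bsd_syslog(sample))
```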

Syslog is typically used for computer system management and security auditing. While it
has a number of shortcomings, syslog is supported by a wide variety of devices and
receivers across multiple platforms. Because of this, syslog can be used to integrate log
data from many different types of systems into a central repository.

Syslog is now standardized within the Syslog working group of the IETF.

Contents
1 History
2 Outlook
3 See also
4 References
5 External links

History
Syslog was developed in the 1980s by Eric Allman as part of the Sendmail project, and
was initially used solely for Sendmail. It proved so valuable, however, that other
applications began using it as well. Syslog has since become the standard logging
solution on Unix and Linux systems; there have also been a variety of syslog
implementations on other operating systems, and it is commonly found in network devices
such as routers.

Until recently, Syslog functioned as a de facto standard, without any authoritative
published specification, and many implementations existed (some of which were
incompatible with others). In an effort to improve its security, the Internet Engineering Task
Force formed a working group. In 2001, the status quo was documented in RFC 3164. Since
then, new additions to syslog have been worked on. As of March 2009, RFC 3164 has been
obsoleted by RFC 5424.[3]

1/3 2010/3/9 10:33 PM



At different points in time, various companies have attempted patent claims on syslog.[4][5][6]
This has had little effect on the use and standardization of the protocol.

Outlook
Various groups are working on draft standards detailing the use of syslog for more than
just network and security event logging, such as its proposed application within the health
care environment.

Regulations such as SOX, PCI DSS, HIPAA and many others require organizations to
implement comprehensive security measures, which often include collecting and
analyzing logs from many different sources. Syslog has proven to be an effective format for
consolidating logs, as there are many open source and commercial tools for reporting
and analysis.

An emerging area of managed security services is the collection and analysis of syslog
records for organizations. Companies calling themselves Managed Security Service
Providers attempt to apply artificial intelligence algorithms to detect patterns and alert
customers of problems.

See also
Audit trail
Console server
Data logging
Netconf
Server log
Simple Network Management Protocol (SNMP)
Security Event Manager
Log management and intelligence
Web log analysis software
Web counter
Common Log Format
Rsyslog
Syslog-ng

References
1. RFC 3164, The BSD syslog Protocol
2. RFC 3195, Reliable Delivery for syslog
3. R. Gerhards, The Syslog Protocol, RFC 5424 (http://tools.ietf.org/html/rfc5424)
4. "LXer: Patent jeopardizes IETF syslog standard", http://lxer.com/module/newswire/view/64026/index.html
5. "Patent application jeopardizes IETF syslog standard", http://www.linux.com/articles/55401
6. "IETF IPR disclosure on HUAWEI's patent claims", http://datatracker.ietf.org/public/ipr_detail_show.cgi?ipr_id=724


External links
IETF syslog working group (http://www.ietf.org/html.charters/syslog-charter.html)
SANS Paper: The Ins and Outs of System Logging Using Syslog (http://www.sans.org/rr/whitepapers/logging/1168.php)
Windows to Syslog (http://www.loganalysis.org/sections/syslog/windows-to-syslog)
Syslog Help and Information (http://www.syslog.org/)
NIST SP 800-92 Guide to Computer Security Log Management (PDF) (http://csrc.nist.gov/publications/nistpubs/800-92/SP800-92.pdf)
Syslserve (http://www.syslserve.com/)
Retrieved from "http://en.wikipedia.org/wiki/Syslog"
Categories: Internet protocols | Internet standards | System administration | Network management

This page was last modified on 24 February 2010 at 18:53.


Text is available under the Creative Commons Attribution-ShareAlike License;
additional terms may apply. See Terms of Use for details.
Wikipedia® is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.